QUESTION 16The administrator has downloaded the Traps_macOS_4.x.x.zip file. What are the next steps needed to successfully install the Traps 4.x for macOS agent?

A. Push the Traps_macOS_4.x.x.zip to the target endpoint(s), unzip it, and execute Traps.pkg.B. Unzip the Traps_macOS_4.x.x.zip, push the Traps pkg file to the target endpoint(s) and execute Traps.pkg.C. Create a one time action to install the Traps_macOS_4.x.x.zip file on the target endpoint(s).D. Create an installation package using Traps_macOS_4.x.x on ESM, download the installationpackage.zip, push the installationpackage.zip to target endpoint(s), unzip it, and execute Traps.pkg.

Answer: D

QUESTION 17The ESM policy is set to upload unknowns to WildFire. However, when an unknown is executed the Upload status in ESM Console never displays “Upload in progress”, and the verdict remains local analysis or unknown. Even clicking the upload button and checking in does not resolve the issue. A line in the log file suggests not being able to download a file from “https:/ESMSERVER/BitsUploads/…” to “C:\ProgramData\Cyvera\Temp\…”. Which solution fixes this problem?

A. Restart BITS service on the endpoint.B. Restart BITS service on ESM.C. Remove and reinstall all the agents without SSL.D. In the ESM Console, use the FQDN in multi ESM.

Answer: B

QUESTION 18An administrator receives a number of email alerts indicating WildFire has prevented a malicious activity. All the prevention events refer to launching an Install Wizard that has received a benign verdict from WildFire. All prevention events are reported on a subset of endpoints, that have recently been migrated Mom another Traps deployment. Which two troubleshooting actions are relevant to this investigation? (Choose two.)

A. Check that the servers xml file has been cleared on the migrated endpoints.B. Check that the ClientInfoHash tag has been cleared on the migrated endpoints.C. Check that the actions xml file has not been cleared on the migrated endpoints.D. Check that the WildFire cache has been cleared on the migrated endpoints.

Answer: AD

QUESTION 19Once an administrator has successfully instated a Content Update, how is the Content Update applied to endpoint?

A. After Installation on the ESM, an Agent License renewal is required in order to trigger relevant updates.B. After installation on the ESM, relevant updates occur at the next Heartbeat communication from each endpoint.C. Installation of a Content Update triggers a proactive push of the update by the ESM server to all endpoints with licensed Traps Agents within the Domain.D. The Traps Agent must be reinstalled on the endpoint in order to apply the content update. Existing Agents will not be able to take advantage of content updates.

Answer: B

QUESTION 20An administrator can check which two indicators to verity that Traps for Mac is running correctly on an installed endpoint? (Choose two.)

A. Use cytool from the command line interface to display the running Traps agent services.B. In the Activity Monitor, verify that CyveraSecvice is running.C. Ping other Traps agents from the macOS agent.D. Verity that the Traps agent icon is displayed on the macOS finder bar.

Answer: BD

QUESTION 21A company discovers through the agent health display in ESM Console that a certain Traps agent is not communicating with ESM Server. Administrators suspect that the problem relates to TLS/SSL. Which troubleshooting step determines if this is an SSL issue?

A. From the agent run the command: telnet (hostname) (port).B. Check that the Traps service is running.C. From the agent run the command: ping (hostname).D. Browse to the ESM hostname from the affected agent.

Answer: D

QUESTION 22When installing the ESM, what role must the database user be assigned in Microsoft SQL?

A. db_ownerB. db_secuirtyadminC. db_datawriterD. db_accessadmin

Answer: A

QUESTION 23A company wants to implement a new Virtual Desktop Infrastructure (VDI) in which the endpoints are protected with Traps. It must select a VDI platform that is supported by Palo Alto Networks for Traps use. Which two platform are supported? (Choose two.)

A. Citrix XenDesktopB. VMware Horizon ViewC. ListeqD. Nimboxx

Answer: AB

QUESTION 24A customer has an environment with the following items:— 1,000 agents communicating over SSL with two servers – one containing the ESM Server and another one where the ESM Console is installed— BitsUploads resides on the ESM Console server— ESM Server and Console are using the default pods tor communicationIn a scenario where a file is failing to be uploaded from macOS, which three reasons could be directly related to the failure? (Choose three.)

A. Traps agent is not able to check in with the ESM Server.B. The rate of upload is lower than 100Kb/S.C. The BITS address in the ESM is incorrect.D. Port 2125 is blocked on the server which hosts BitsUploads.E. Port 443 is blocked on the server which hosts BitsUploads.

Answer: ACE

QUESTION 25Which two are valid optional parameters when upgrading Traps agent from the ESM console using Upgrade from path? (Choose two.)

A. ConditionsB. ProcessesC. ESM ServerD. Target ObjectsE. Features

Answer: AD

QUESTION 26Which version of .NET Framework is required as a prerequisite when installing Traps agent on Windows 7?

QUESTION 27Files are not getting a WildFire verdict. What is one way to determine whether there is a BITS issue?

A. Check the upload status in the hash control screen.B. Run a telnet command between Traps agent and ESM Server on port 2125.C. Use PowerShell to test upload using HTTP POST method.D. Initiate a “Send support file” from the agent.

Answer: C

QUESTION 28Which is the proper order of tasks that an administrator needs to perform to successfully create and install Traps 4.x for macOS agents?

A. Download ClientUpgradePackage_4.x.x.zip from the support portal.Copy ClientUpgradePackage_4.x.x.zip to target endpoint.Unzip and run traps pkg.B. Download ClientUpgradePackage.zip from the support portal.Create installation package on ESM using .zip file, download installpackage.zip file.Copy installpackage.zip to target endpoint.Unzip and run traps pkg.C. Download Traps_macOS_4.x.x.zip from the support portal.Copy Traps_macOS_4.x.x.zip to target endpoint.Unzip and run traps pkg.D. Download Traps_macOS_4.x.x.zip from the support portal.Create installation package on ESM using .zip file, download installpackage.zip file.Copy installpackage.zip to target endpoint.Unzip and run traps pkg.

Answer: D

QUESTION 29A large manufacturer is planning to roll out Traps to 75,000 endpoints. Their environment consists of three major sites with 24,000 endpoints each, plus about 3,000 remote endpoints in smaller remote locations using always-on VPN connections to a single one of the major sites. The customer wants to minimize network traffic between the major sites, but all endpoints have internet access. The customer is looking for a centrally managed solution with common reporting and management for all endpoints in the environment. Which design option would be appropriate for this environment?

A. Place the Traps database, ESM Console and two ESM core servers in the large site hosting the VPN gateway, and force all endpoints to use VPN at all times.B. Place the Traps database, ESM Console and seven ESM core servers in a public-cloud environment where the ESM Core servers are accessible from the internet.C. Place a Traps database, ESM Console and an ESM core server in each of the three large sites.D. Place the Traps database and ESM Console in one of the major sites, and one ESM core server in each of the three major sites.

Answer: D

QUESTION 30An administrator has a critical group of systems running Windows XP SP3 that cannot be upgraded. The administrator wants to evaluate the ability of Traps to protect these systems and the word processing applications running on them. How should an administrator perform this evaluation?

A. Run a known 2015 flash exploit on a Windows XP SP3 VM, and run an exploitation tool that acts as a listener. Use the results to demonstrate Traps capabilities.B. Run word processing exploits in a Windows 7 VM in a controlled and isolated environment. Document indicators of compromise and compare to Traps protection capabilities.C. Prepare a Windows 7 VM. Gather information about the word processing applications, determine if some of them are vulnerable, and prepare a working exploit for at least one of them. Execute with an exploitation tool.D. Gather information about the word processing applications and run them on a Windows XP SP3 VM. Determine if any of the applications are vulnerable and run the exploit with an exploitation tool.